mirror of
https://github.com/SillyTavern/SillyTavern.git
synced 2025-06-05 21:59:27 +02:00
Admin change password flow
@@ -1,3 +1,4 @@
|
||||
const fsPromises = require('fs').promises;
|
||||
const storage = require('node-persist');
|
||||
const express = require('express');
|
||||
const slugify = require('slugify').default;
|
||||
@@ -191,6 +192,33 @@ router.post('/create', requireAdminMiddleware, jsonParser, async (request, respo
|
||||
}
|
||||
});
|
||||
|
||||
router.post('/delete', requireAdminMiddleware, jsonParser, async (request, response) => {
|
||||
try {
|
||||
if (!request.body.handle) {
|
||||
console.log('Delete user failed: Missing required fields');
|
||||
return response.status(400).json({ error: 'Missing required fields' });
|
||||
}
|
||||
|
||||
if (request.body.handle === request.user.profile.handle) {
|
||||
console.log('Delete user failed: Cannot delete yourself');
|
||||
return response.status(400).json({ error: 'Cannot delete yourself' });
|
||||
}
|
||||
|
||||
await storage.removeItem(toKey(request.body.handle));
|
||||
|
||||
if (request.body.purge) {
|
||||
const directories = getUserDirectories(request.body.handle);
|
||||
console.log('Deleting data directories for', request.body.handle);
|
||||
await fsPromises.rm(directories.root, { recursive: true, force: true });
|
||||
}
|
||||
|
||||
return response.sendStatus(204);
|
||||
} catch (error) {
|
||||
console.error('User delete failed:', error);
|
||||
return response.sendStatus(500);
|
||||
}
|
||||
});
|
||||
|
||||
module.exports = {
|
||||
router,
|
||||
};
|
||||
|
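Review bot: In the new `/delete` handler, `request.body.handle` goes straight from the request body into `storage.removeItem(toKey(...))` and, when `purge` is set, into `getUserDirectories(...)`, whose `root` is then removed with `{ recursive: true, force: true }`; nothing checks that the value is a string or that it names an existing user. `getUserDirectories` is not visible here, so whether it constrains the resulting path is unknown, but a recursive forced delete should not rely on that. Load the record first and act on what is stored, e.g. `const user = await storage.getItem(toKey(request.body.handle));` followed by `if (!user) return response.status(404).json({ error: 'User not found' });`, then build the directories from the stored record's handle rather than the request body. The route is admin-only via `requireAdminMiddleware`, which limits exposure, but as written a handle that matches no account still returns 204 as if a user had been deleted.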
@@ -67,15 +67,20 @@ router.post('/change-password', jsonParser, async (request, response) => {
|
||||
return response.status(403).json({ error: 'User is disabled' });
|
||||
}
|
||||
|
||||
const isAdminChange = request.user.profile.admin && request.body.handle !== request.user.profile.handle;
|
||||
if (!isAdminChange && user.password && user.password !== getPasswordHash(request.body.oldPassword, user.salt)) {
|
||||
if (!request.user.profile.admin && user.password && user.password !== getPasswordHash(request.body.oldPassword, user.salt)) {
|
||||
console.log('Change password failed: Incorrect password');
|
||||
return response.status(401).json({ error: 'Incorrect password' });
|
||||
}
|
||||
|
||||
const salt = getPasswordSalt();
|
||||
user.password = getPasswordHash(request.body.newPassword, salt);
|
||||
user.salt = salt;
|
||||
if (request.body.newPassword) {
|
||||
const salt = getPasswordSalt();
|
||||
user.password = getPasswordHash(request.body.newPassword, salt);
|
||||
user.salt = salt;
|
||||
} else {
|
||||
user.password = '';
|
||||
user.salt = '';
|
||||
}
|
||||
|
||||
await storage.setItem(toKey(request.body.handle), user);
|
||||
return response.sendStatus(204);
|
||||
} catch (error) {
|
||||
|
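Review bot: The old-password check now reads `if (!request.user.profile.admin && user.password && ...)`, so any admin skips it even when `request.body.handle` is their own account; the `isAdminChange` condition printed next to it limited the bypass to other users' handles. (The page has lost its +/- markers, so this assumes the `!request.user.profile.admin` line is the new side, as the print order and the commit title suggest.) With that condition, an unattended or otherwise borrowed admin session is enough to replace that admin's password or, through the empty-`newPassword` branch, clear it without knowing the current one. Keep the handle comparison for the bypass, `const isAdminChange = request.user.profile.admin && request.body.handle !== request.user.profile.handle;`, and consider rejecting a non-string `newPassword` before it reaches `getPasswordHash`. The handler starts and ends outside this hunk.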